Microsoft's new Edge browser has a password manager, here's how it works

Status
Not open for further replies.

BoraMurdar

Community Manager
Thread author
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
vnrwsOn.png


A new build of Windows 10 made its way to the Internet today. With this new build comes an update to Edge, and while the password manager was in the last leak, we could never get it to work correctly.

In build 10147, the password manager is now working and it is easy to use. The service allows you to add and remove passwords from the sites that you visit frequently, and if you watch the gif above, you will get a better understanding of how the feature works.

rZ2EhmI.png


Once an item has been added (which can be done manually, or Edge can save the password when you log in to a site for the first time), you can then edit or remove the credential from within the manager.

This simple addition to Edge makes it easier to have more control over your saved content in the browser and remove items that you don't want permanently stored as well. We fully expect Microsoft to sync these passwords over all iterations of Edge as well, which means that on your phone, you should be able to quickly log in to the sites you frequent often on the desktop.

While this feature is not unique to Edge, it is one more addition to the list of items the browser needs to have finished before the OS hits RTM.
 

comfortablynumb15

Level 7
Verified
May 11, 2015
326
It doesn't need to be finished, it needs to die in a fire. There should be no such thing as saving passwords in the most vulnerable of all software you can run.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
As IE/Edge miss some basic features for a browser then it should not bring huge impact except on performance does, vulnerabilities are always present and Password Manager will not affect for that development phase rather cope in latest trends.
 

comfortablynumb15

Level 7
Verified
May 11, 2015
326
My statement wasn't directed at IE, but at browsers in general. The browser is the number one attack vector on a system, so logically it's the last place you want to store sensitive information like passwords. Look, Microsoft, Google, etc can say all they want about their security measures, but they can't guarantee anything and no vendor or person can. Passwords themselves are vulnerable enough without putting them in even more danger.
 
  • Like
Reactions: sunil22

BoraMurdar

Community Manager
Thread author
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
My statement wasn't directed at IE, but at browsers in general. The browser is the number one attack vector on a system, so logically it's the last place you want to store sensitive information like passwords. Look, Microsoft, Google, etc can say all they want about their security measures, but they can't guarantee anything and no vendor or person can. Passwords themselves are vulnerable enough without putting them in even more danger.
You have something better or more secure in mind?
disconecting from Internet or remembering all complex passwords in the head
 

comfortablynumb15

Level 7
Verified
May 11, 2015
326
You've got plenty of options, KeePass being a pretty good one as I don't recall the last time it was actually compromised (maybe a few years ago if I'm remembering right?). And unless you're planning on getting your system physically taken from you, there is always the old pen and paper by the computer route. Sounds silly, right? I'm pretty sure a hacker in Russia can't reach through your screen and take it from you. No need to remember, no need to log into KeePass with a password to get to your passwords, etc. There are no really great alternatives to passwords right now (biometrics security is given more credit than it really deserves ), but there sure is a hell of a better alternative to keeping passwords in the least secure place possible.
 
  • Like
Reactions: sunil22 and Oxygen

BoraMurdar

Community Manager
Thread author
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
You've got plenty of options, KeePass being a pretty good one as I don't recall the last time it was actually compromised (maybe a few years ago if I'm remembering right?). And unless you're planning on getting your system physically taken from you, there is always the old pen and paper by the computer route. Sounds silly, right? I'm pretty sure a hacker in Russia can't reach through your screen and take it from you. No need to remember, no need to log into KeePass with a password to get to your passwords, etc. There are no really great alternatives to passwords right now (biometrics security is given more credit than it really deserves ), but there sure is a hell of a better alternative to keeping passwords in the least secure place possible.
I know what are you talking about, but I think that people are panicing too much about lately events. I will quotte myself talking with one of our members :
what is more probable?

3 guys trying to rob you on the street and take your money out of your pocket
or 15 guys trying to steal your money which is in bank with lasers, aliens, Gandalf and army of ninjas?

Piece of paper in your house or Keepass is nothing more secure than something stored online.
 
  • Like
Reactions: sunil22 and frogboy

comfortablynumb15

Level 7
Verified
May 11, 2015
326
I know what are you talking about, but I think that people are panicing too much about lately events. I will quotte myself talking with one of our members :
what is more probable?

3 guys trying to rob you on the street and take your money out of your pocket
or 15 guys trying to steal your money which is in bank with lasers, aliens, Gandalf and army of ninjas?

Piece of paper in your house or Keepass is nothing more secure than something stored online.


Can you give me the name and directions to this bank? I will walk right up to the front desk and scream "Shut up and take my money!". The issue with using the probable argument is that online, data protection is pretty much out of your hands once you store it with someone else. At home or in a program like KeePass, it's still in your hands. Nobody else can decide to be lazy with server security, hand it over to advertisers or for some stupid NSA requirement. People are panicking a lot, but that's because the media panics or makes everything sound like the end of the world is nigh, and people listen to the media. Not much we can do about that problem though.
 

Adhit Prakosho

Level 19
Verified
Top Poster
Well-known
Sep 14, 2014
929
So I always use the same password.
it would be very vulnerable to use the same password on all accounts :)
Forbidden from neowin :p
not for me, I can see it :

Interesting, it seems it's always forbidden when you open it from MalwareTips. They check the referrer.
You can pick it up and upload own :)
 
Last edited:

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Interesting, it seems it's always forbidden when you open it from MalwareTips. They check the referrer.
They use hotlinking protection. That's why I suggest anyone to use a third party image host, instead of direct copy and paste from websites. Also why images appear broken in the News sub-forum.
 
  • Like
Reactions: sunil22 and Oxygen

BoraMurdar

Community Manager
Thread author
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Can you give me the name and directions to this bank? I will walk right up to the front desk and scream "Shut up and take my money!"
There are many of those :p
I have just compared those two, what if your system falls, breaks or formats, ransomcrypt? Does offline managers protects you from those too? Judt, sayin', nothing is bulletproof and specially if NSA wants you. Yes you who are reading this, you must be very important when NSA wants info about your browsing.
No me gusta, but I don't care about that because I've nothing to hide.

Back to the topic, people can do whatever they want. They can use 1 username and password for every site and filling form. I feel a lot more secure behind 100 firewalls, billions of billions of combinations of protocols, changing in time so no supercomputer can calculate the breach, RSA encryption, so if someone enters data on the server they cannot see the file, cannot see where one file begins and ends, with master password that I only know, with authentication grid I only have, with secondary security mail I only know username and password, from locations I defined and granted access. And who knows how many security layers more that no one may talk about...
It's like I buried something and no one knows where. That's my bank with lasers, aliens, Gandalf and army of ninjas
Csi_miami_yeah.jpg
 
  • Like
Reactions: sunil22

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
It's convenient to include a password management component in Edge, for Windows 10. Check the Credentials Manager in the Control Panel for existing passwords.

It's optional if you want it to be synced to all Windows 10 devices, or local only.
 

Piteko21

Level 18
Verified
Top Poster
Well-known
Sep 13, 2014
874
store the passwords in the browser is always a bad decision. there are so many risks ...
on the other hand it is always much more comfortable because not have to always remember the passwords for a lot of services.

My password manager is a small notebook where I point out everything from my writing until my passwords.
I think it is impenetrable, because I hide in a secret place:D
 
  • Like
Reactions: sunil22

comfortablynumb15

Level 7
Verified
May 11, 2015
326
You're right in that absolutely nothing is foolproof, I just happen to believe that storing these things in the browser is about as close to saying "Here, take them" as one can get. If people want to though, they have that right.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top